Wide area network using internet with quality of service

  • US 7,111,163 B1
  • Filed: 07/10/2000
  • Issued: 09/19/2006
  • Est. Priority Date: 07/10/2000
  • Status: Active Grant
First Claim

1. A private, secure wide area network using the internet as a backbone between a source site and a destination site, comprising:

    a first dedicated signal path to a router of a source ISX/ISP provider of internet access;

    a source router located at a source site and having a channel service unit having an output coupled to said first dedicated signal path and having a routing table which has been configured to recognize AlterWAN packets and always route them over said first dedicated signal path to said source ISX/ISP provider, said AlterWAN packets being packets having as their destination address one of one or more predetermined Internet Protocol addresses assigned to an AlterWAN private tunnel, and AlterWAN private tunnel being a data path through the internet which uses only high bandwidth, low latency data paths between predetermined ISX/ISP provider sites which have been pre-tested to ensure that adequate bandwidth and low latency exists for AlterWAN packets and that AlterWAN packets are always routed at said predetermined ISX/ISP provider site into said AlterWAN private tunnel;

    a source firewall circuit located at a source site and having a first port for coupling directly or through a local area network to one or more computers or other devices at said source site for which communication over said private, secure wide area network (hereafter WAN) is desired, and having a WAN interface coupled to said source router directly or through a local area network, said source firewall functioning to encapsulate any Internet Protocol packets hereafter IP packets transmitted from said first computer or other device which have a destination Internet Protocol address (hereafter IP address) which is one of a set of “predetermined IP addresses”, said predetermined IP addresses” being IP addresses of computers or other devices at a destination site which are assigned to said private tunnel, said encapsulation being performed on the payload sections of IP packets having as their destination address one of said “predetermined IP addresses”, hereafter referred to as AlterWAN packets and for encrypting said payload sections of said AlterWAN packets using any encryption method known to a destination firewall at a destination site and transmitting said AlterWAN packets to said source router, but said source firewall for not encapsulating any IP packets transmitted by said first computer or other device which do not have as their destination address one of said “predetermined IP addresses”, and for receiving incoming IP packets from various sources including computers and devices at said destination site via said source router and for recognizing AlterWAN packets among these IP packets on the basis that an AlterWAN packet has one of said “predetermined IP addresses” as its destination address, and decrypting the payloads of said AlterWAN packets to recover said IP packets that were encapsulated in said AlterWAN packets and transmitting at least said recovered IP packets to said one or more computers or devices at said source site to which said recovered IP packets are addressed;

    one or more internet data paths coupled to routers of said predetermined ISX/ISP providers of internet services, said routers having their routing tables configured to recognize said AlterWAN packets by their destination addresses and to cause said routers to route AlterWAN packets into said AlterWAN private tunnel data path, each said predetermined ISX/ISP provider being a provider of internet services who has contracted to provide routing of AlterWAN packets into said AlterWAN private tunnel data path, said AlterWAN private tunnel data path being at least one of said internet data paths which has been pre-tested to verify that said data path does in fact provide a low hop count data path having an average available bandwidth along each portion of said data path travelled by said AlterWAN packets which exceeds the worst case bandwidth consumption of AlterWAN packet traffic between said source site and said destination site;

    a destination router including a channel service unit coupled to or part of said destination router and having a trusted side output, said destination router coupled through said channel service unit and a second dedicated data path to a router of a said participating ISX/ISP provider, said destination router having its routing tables configured to recognize said AlterWAN packets and route them to said trusted side output;

    a destination firewall circuit having a WAN interface coupled to said trusted side output of said destination router directly or through a local area network and having a second port for coupling directly or through a local area network to one or more computers or devices for which communication across said private AlterWAN data path is desired, said destination firewall functioning to encapsulate into the payload sections of AlterWAN packets IP packets transmitted from said one or more computers or devices at said destination site and having as their destination addresses one of said “predetermined IP addresses” which is an IP address of said one or more computers or devices at said source site, and functioning to encrypt the payloads of said AlterWAN packets and transmit said AlterWAN packets to said destination router, but for not encapsulating into AlterWAN packets any IP packets transmitted from said one or more computers or devices at said destination site which do not have as their destination address one of said “predetermined IP addresses” and for receiving IP packets from various sources including said one or more computers or devices at said source site via said destination router, and functioning to recognize AlterWAN packets among said received IP packets and decrypt the payload sections of said AlterWAN packets to recover the original IP packets and transmitting at least the decrypted IP packets recovered from AlterWAN packet to said one or more computers or devices at said destination site.
